Mitnick In The News

Anti-phishing firm KnowBe4 looks to gear up channel

About five per cent of the company’s partner business is in Canada today, but they have a push planned in the Canadian market in 2017.

Clearwater FLA-based KnowBe4 was founded in 2010 on the premise that regardless of the security tools an organization employs, it is most likely to be breached through human error, particularly susceptibility to phishing. While the company initially sold largely direct, it has always had a channel component, and is now building that out further with selected partners.

The company was founded in 2010 by Stu Sjouwerman, who started it five days after he sold Sunbelt Software and its VIPRE software suite to GFI Software.

“In working with VIPRE, he found that if people didn’t click on things, things would be a lot better, so he came up with the concept of this company,” said Tish Williams, KnowBe4’s VP of Channel Sales.

They have two principal offerings. One is Kevin Mitnick Security Awareness Training, named after the celebrity hacker and reformed criminal who came on board at KnowBe4 as Chief Hacking Officer. It consists of a combination of web-based training and continuous assessment of individual employees through simulated phishing attacks on them.

“Our other product is called KCM – KnowBe4 Compliance Manager,” Williams said, “It’s a GRC-like tool geared towards the SMB to midsize market, to help them streamline their documentation and processes. True GRCs are big and take a lot of time and energy. SMB IT staffs are often a couple of staff. Ours is a single platform, one that makes it easy to get compliant and maintain compliance at a fraction of the cost.” It takes advantage of the fact that the strongest market for the security awareness training is the compliance market, including healthcare, law firms, government, and PCI compliance.

KnowBe4 has upgraded its security awareness training this year with several new features available to customers with a Platinum-level subscription. This includes EZXploit, a patent-pending functionality that allows the running of an internal, fully automated “human pentest.” Users can launch a simulated phishing attack, which, when clicked, comes up with a secondary ruse, like a Java popup, that the user is further social engineered to click on. This tests whether the user can be successfully exploited, going beyond seeing whether they will click on a link.

Another new test is the USB Drive Test. Users can now download a special, “beaconized” Microsoft Office file from KnowBe4’s admin console onto a USB drive to be dropped at an on-site, high traffic area. If one of the organization’s users picks up the USB drive, plugs it in their workstation, and opens the file, it will “call home” and report the fail, as well as if the user enables the macros in the file.

KnowBe4 also added GEO-location to its phishing templates, allowing the organization to see where simulated phishing attack failures are on a map.

This month, KnowBe4 expanded its global capabilities, making its security awareness training available in 26 language versions.

All this increases the need for more partners.

“The biggest challenge in training the partner is to get them to understand how to promote it,” Williams said. “It’s not that complex, but wrapping their heads around how this kind of SaaS product is positioned hasn’t been that easy of a process. But once they get it, it’s a no-brainer.”

Williams said that KnowBe4 typically has to do the heavy lifting, which will continue until they can build out the right channel.

“These are security-focused partners who understand compliance,” she said. “Security-focused VARs are great. VARs and SIs typically offer it as a package. With consultants, it’s sometimes yes, and sometimes no. They typically offer a range of products and services, leaving it to the customer to pick what they want.”

Williams said that because they are off the beaten path as far as products go, they only need a smaller number of partners. They are, however, aggressively pursuing those who understand both the software side and security. Earlier this month, Williams was at CompTIA ChannelCon for that purpose, while their CTO was at Black Hat at the same time.

“We are more focused on the SMB, while our competitors in this space are more on the enterprise,” Williams said. “However, being cloud-based we have quite a few customers in the enterprise space, and that is growing significantly because of our price point.”

KnowBe4 also recently expanded its North American distribution, which formerly consisted only of Lifeboat.

“We just signed on with Tech Data,” Williams said. “Being in Clearwater ourselves, it was easy to make that marriage happen.” The Tech Data deal is North America-wide, covering Canada as well as the U.S.

Williams said that Canada accounts for about 5 per cent of KnowBe4’s partner business.

“The majority of that is in the Greater Toronto area, but we have some partner coverage in Alberta and BC,” she said. “As we move forward, we are micro-segmenting our team, and Canada in 2017 will be a high focus area for us to move into – especially the government.”